Industry 4.0: protecting the smart factory from escalating cyber-threats

by Ian Heritage

As in many other sectors, manufacturing organisations are rapidly embracing digital transformation to drive efficiencies, agility and growth. In so doing, they’re investing in new industrial Internet of Things (IIoT) systems to accelerate convergence between previously siloed IT and OT spheres. But this digital revolution also opens the door to new threats, as previously air-gapped systems and proprietary technologies are brought online and exposed to remote hackers.

That’s why Trend Micro has just announced major new security products designed to enhance visibility and protection for imperilled industrial control system (ICS) environments.

IIoT on the rise
It has been predicted that IIoT will become a $200 billion market by 2021 as tens of billions of connected devices are installed across the planet. Many of these are being used in highly complex manufacturing processes designed to produce everything from cars and fighter jets to consumer goods. Although much diminished from its glory days, the manufacturing industry still contributes a healthy £275 billion annually to the UK economy, employing over 2.7m people.

Yet new technology systems always threaten to introduce new risks. In this instance it’s the convergence of IT and OT that is causing many of the problems, as previously siloed and unsecured systems come online. A Trend Micro study of global manufacturers earlier this year found that prompt patching remains a challenge, in some cases because of an OT-driven “do not touch” mentality for mission-critical machinery. We found that the vast majority (60%) of manufacturers were still on Windows 7, with many (4.4%) running XP — almost double the number from other industries.

Yet, at the same time, the number of ICS bugs reported to our Zero Day Initiative in 2018 stood at 467, a massive 224% increase on 2017. The bugs were mainly (60%+) in human-machine interface (HMI) software, but in some cases it wasn’t even a case of failing to patch: we also found numerous instances where HMIs were exposed to the public-facing internet without any authentication.

Manufacturers at risk
It goes without saying that these trends are broadening the attack surface and creating an extra risk of data loss, industrial sabotage, ransomware and more for organisations running smart factories. A study for industry association Make UK last year revealed that 48% of manufacturers had been hit by a cyber-incident, a quarter (24%) of them suffering losses.

Worryingly, two-fifths (41%) said they don’t have access to enough information to assess their true risk exposure, 45% said they don’t have access to the right security tools, and 12% claimed they don’t have the technical or managerial processes in place to assess risk.

Protecting Industry 4.0
All of which led Trend Micro to tap its 30+ years of experience in cybersecurity and threat intelligence to help global manufacturers. Our two new solutions, built by majority-owned subsidiary TXOne, are industrial firewall EdgeFire and intrusion prevention system (IPS) EdgeIPS. The former features a protocol whitelisting function to limit exposure to insecure communications channels, while the IPS includes virtual patching to protect ICS environments from vulnerability exploitation. An OT Defense Console product works across both to help identify the root cause of attacks.

We’ve also enhanced the performance of two existing products to make them smart factory-friendly. Trend Micro Safe Lock TXOne edition prevents the execution of malware and unauthorised programs, including those brought in via USB/external devices, while Trend Micro Portable Security 3 is a flash drive-sized device which can simply be plugged into ICS environments to clean up malware infections.

The value of all of these is further enhanced when used as part of a multi-layered security approach alongside TippingPoint and Trend Micro IoT Security, to prevent attacks crossing from IT to OT environments, and Deep Discovery Inspector, for enhanced detection of suspicious activity in OT systems.
